Abstract: Evaluating an organization's risk to be exposed to cyber security events, by collecting security-based risk indicators about multiple organizations and an indication on whether or not each of the multiple organizations suffered a security event, inputting values of the security-based risk indicators about the multiple organization into a software model, running the software model multiple times, where the software model outputs multiple sets of one or more classifiers, where each set of one or more classifiers distinguishes organizations that suffered the security event from organizations that did not suffer the security event, where the one or more classifiers include classifiers selected from the security-based risk indicators, assigning a risk score for a specific organization according to the importance of classifiers related to the specific organization, and computing an underwriting score for the specific organization.

Abstract: A computerized method for evaluating an organization's risk to be exposed to cyber security events, the method including receiving a request to evaluating a specific organization's risk to be exposed to cyber security event, the request including information about the specific organization, collecting security-based risk indicators about the specific organization, inputting the security-based risk indicators about the specific organization into a model, said model obtains weights to classifiers that represent an impact of a specific organization to be exposed to a security event, computing a specific risk value for the specific organization according to values of the specific organization and the weights of the classifiers.